[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnash-dev] Crash bug with possible fix
From: |
strk |
Subject: |
Re: [Gnash-dev] Crash bug with possible fix |
Date: |
Mon, 13 Nov 2006 09:20:20 +0100 |
On Sun, Nov 12, 2006 at 11:30:07PM -0500, dolphinling wrote:
> I have a file at http://dolphinling.net/gnash/5.swf that crashes gnash. The
> file was reduced using swftools to the minimum needed to crash from
> http://images.neopets.com/faerieland/wheel_v1.swf .
>
> When it crashes it prints the following:
> gnash: edit_text_character.cpp:849: void
> gnash::edit_text_character::registerTextVariable(const std::string&):
> Assertion `dynamic_cast<sprite_instance*>(target)' failed.
> Aborted
>
> Having run through a debugger, it looks like target is null at that point,
> and as_environment.cpp:find_target() can indeed return null in at least two
> ways. So it looks like casting null to a sprite_instance* doesn't work.
>
> The funny thing is, target is non-null before that, and if I comment out
> the line setting it null, it doesn't crash.
Nothing funny about that, the crash is just the failed assertion(), which
is expected to fail if given a NULL pointer.
> I don't understand all the code, so I don't know if the correct fix is to
> make find_target() not return null in this case, to null check before
> setting target, or to remove that line entirely, but null checking seems to
> work for me, so here's a patch for it.
Well, it seems that the SWF contains a fully-qualified variable name
referencing an unexisting "target" (the path part in a path/variable spec).
If this is the case this would be a malformed SWF. What to do in this case ?
I'd just NOT set the text variable and warn user (IF_VERBOSE_MALFORMED_SWF).
--strk;